Rootconf 2025 Annual Conference CfP

Sparsh K

The Firewall Project: Open Source, Shift-Left, Security Platform

Submitted Mar 24, 2025

After becoming immensely frustrated and experiencing all the emotions that come with the struggles of implementing application security into our organization’s SDLC, we finally reached a breaking point. That’s when we decided, “That’s it!”

And so, we started The Firewall Project because we believe in:

  • Open-source
  • Transparency
  • Community

Mission Statement

With breaches originating in the wild, application security shouldn’t be a luxury available only to enterprises and companies with big budgets. Instead, startups, SMBs, MSMEs, and individual projects should prioritize application security. Hence, The Firewall Project!

What is The Firewall Project?

The Firewall Project has developed a comprehensive Application Security Platform that enables developers to build securely from the start while giving security teams complete visibility and control. And it’s completely free and open source.

A unified, self-hosted AppSec platform that provides complete visibility into your organization’s security, with enterprise features like:

  • Asset Inventory
  • Streamlined Incident Management
  • Dynamic Scoring & Risk-Based Prioritization
  • RBAC
  • SSO
  • Rich API
  • Slack/Jira Integrations
  • And more

Why did we start The Firewall Project?

We discovered how difficult it is to deploy and manage open-source tools across an organization due to missing essential features and other challenges, such as:

  • Limited budgets and resources
  • Lack of post-commit scanning
  • Lack of SSO
  • No Jira/Slack integrations
  • Missing RBAC policies
  • Features locked behind paywalls
  • Compliance and legal issues when sharing broad access with third-party cloud services

Now, eliminate all those “no’s” and get all the premium features with The Firewall Project, which is community-driven.

Important Links:

Website: https://thefirewall.org
Blogs: https://blogs.thefirewall.org
GitHub: https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA
Documentation: https://docs.thefirewall.org
YouTube: https://www.youtube.com/@TheFirewallAppsecPlatform

Key Takeaways

  • Shifting left to prevent security issues early in development.
  • Operationalising security using risk-based prioritisation and comprehensive owner-to-asset mapping can significantly improve the efficiency of security teams.

This talk is best suited for security engineers and DevSecOps professionals.

Speaker(s) Bio

Sparsh Kulshrestha
Project Lead, The Firewall Project
Sparsh has over 5 years of experience in cyber security, research and product development. He has authored multiple security tools, advisories and articles. He has been invited to speak at various security conferences such as BSides Singapore, BSides Ahmedabad and c0c0n.

Lavlesh Joshi
Senior Security Engineer, Nference
Lavlesh Joshi is a seasoned Senior Security Engineer, with deep expertise in cloud, infrastructure, and data security. His career journey spans roles from Security Analyst to offensive security specialist, where he honed his skills in ethical hacking and vulnerability discovery. Passionate about DevSecOps, Lavlesh is spearheading the development of an open-source shift-left security framework. A competitive coder, he is committed to delivering impactful security solutions that seamlessly integrate into development processes.
